The verification process occurs on the initial codefile execution. The result of a failed verification depends on the CODEVERIFYCHECK security option. The CODEVERIFYCHECK option provides flexible settings; the strictest setting, REQUIRED, prevents execution, while more lenient settings are provided to facilitate migration and mixed-use scenarios.
The following topics describe each CODEVERIFYCHECK setting in detail.
CODEVERIFYCHECK = NONE
Regardless of the CODEVERIFYGEN setting, The MCP will not attempt to verify the codefile when it is executed.
CODEVERIFYCHECK = REQUIRED
All codefiles are checked for valid codefile verification data when executed. Invalid or missing codefile verification data will cause the program to be abnormally terminated (DSed).
CODEVERIFYCHECK = CONDITIONAL
If the codefile does not contain verification data, it is executed without verification; however, if codefile verification data is present, both the SEG0 and data information is verified. A discrepancy in the verification data will cause the program to be DSed.
This setting can be useful when:
-
Codefiles will be received from MCP systems without codefile verification enabled. No verification will be performed on codefiles received without codefile verification data when they are first executed, and codefile verification data will be generated when they are first closed.
-
Codefiles will be transferred to and from MCP systems that support codefile verification but might not have it enabled.
| Note: | Regardless of the security option settings, systems that support codefile verification will update a codefile's verification when necessary to preserve the integrity of those files. |
CODEVERIFYCHECK = MIGRATION
If the codefile does not include verification data, it is executed without any verification; however, if it does have codefile verification data, both the SEG0 and data values are verified using the CODEVERIFYGEN algorithm. If the SEG0 value does not match, a warning will be displayed by the MCP, but the program will execute. If the data value does not match, the program will be DSed.
The MIGRATION option is intended for systems that will transfer files to and from MCP systems on which codefile verification is not enabled. Systems without codefile verification will not update any codefile verification data stored in codefiles copied to them, but the SEG0 data of those files may change through execution. When those files are copied back to systems with codefile verification, verification of the SEG0 value will fail. The MIGRATION option allows these files to run (assuming the data value passes verification), causing the SEG0 value to be updated. This makes it possible to use codefile verification while sharing files with systems running older release levels.
This is the default setting if CODEVERIFYCHECK is not set.
